TMS zl Management and Configuration Guide ST.1.0.090213

D-71
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Protocol = Any (or the same protocol in the traffic selector)
Source addresses = IKE mode config addresses
Source port = Any (or the remote port in the traffic selector)
Destination addresses = Local address in the traffic selector
Destination port = Any (or the local port in the traffic selector)
If you can do so securely, try configuring this policy and determining whether
your traffic can reach its destination. Remember to enable logging on the
policies in question so that you can see when traffic matches a policy. It is
possible that the module is permitting the traffic but another security device
is dropping it.
Once you get traffic flowing across the tunnel, you can experiment with more
restrictive policies.
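To make the policy fields above concrete, here is a small model (added here as an example, not code from the guide or the TMS zl Module itself) that builds the permissive policy from a traffic selector and the IKE mode config address pool, then checks whether a packet would match it. The selector, address pool and packets are constructed sample values; switching `restrictive=True` shows the effect of using the traffic selector's protocol and ports instead of Any.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

ANY = None  # stands for "Any" in the guide's policy fields


@dataclass(frozen=True)
class Policy:
    protocol: Optional[str]     # None = Any
    source_nets: Tuple          # IKE mode config address pool
    source_port: Optional[int]  # None = Any
    dest_nets: Tuple            # local address in the traffic selector
    dest_port: Optional[int]    # None = Any


def build_policy(selector, mode_config_pool, restrictive=False):
    """Build the policy from the page: with restrictive=False the optional
    fields are Any; with restrictive=True the traffic selector values are used."""
    return Policy(
        protocol=selector["protocol"] if restrictive else ANY,
        source_nets=tuple(ip_network(n) for n in mode_config_pool),
        source_port=selector["remote_port"] if restrictive else ANY,
        dest_nets=(ip_network(selector["local_address"]),),
        dest_port=selector["local_port"] if restrictive else ANY,
    )


def matches(policy, pkt):
    """True when every policy field accepts the packet (ANY accepts anything)."""
    src, dst = ip_address(pkt["src"]), ip_address(pkt["dst"])
    return (policy.protocol in (ANY, pkt["protocol"])
            and any(src in net for net in policy.source_nets)
            and policy.source_port in (ANY, pkt["sport"])
            and any(dst in net for net in policy.dest_nets)
            and policy.dest_port in (ANY, pkt["dport"]))


# Constructed sample values (hypothetical; not taken from the guide).
SELECTOR = {"protocol": "tcp", "local_address": "10.1.1.0/24",
            "local_port": 80, "remote_port": ANY}
MODE_CONFIG_POOL = ["192.168.100.0/24"]
PERMISSIVE = build_policy(SELECTOR, MODE_CONFIG_POOL)
RESTRICTIVE = build_policy(SELECTOR, MODE_CONFIG_POOL, restrictive=True)

# A client on a mode config address talking HTTPS to a protected host,
# and the same packet from an address outside the pool.
CLIENT_HTTPS = {"protocol": "tcp", "src": "192.168.100.10", "sport": 51000,
                "dst": "10.1.1.5", "dport": 443}
OUTSIDER = dict(CLIENT_HTTPS, src="203.0.113.9")
```

A packet that matches the permissive policy but still never arrives is the case the text warns about: the module permits it, so look at the next security device along the path.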
Troubleshooting a Client-to-Site L2TP over IPsec VPN
The following sections outline a process and tips for troubleshooting a
client-to-site VPN that uses L2TP over IPsec.
Set up a Test Client. As you troubleshoot the VPN, you must periodically
check various settings on the remote client and try to re-initiate the
connection. It is a good idea to create a test client for this purpose:
1. Connect the endpoint to a port on the host switch.
2. Assign the switch port to the VLAN on which the module receives traffic
from remote clients (this is also the forwarding VLAN in the route to
remote endpoints).
For example, if the remote clients connect through the Internet, you
should assign the switch port to the VLAN on which the TMS zl Module
connects to the Internet router.
3. Assign the endpoint an IP address in the subnet associated with this VLAN
and configure the TMS zl Module as its default gateway.
4. Create a VPN connection, configuring the client with the same VPN
settings that are used by your remote users.
5. Attempt to initiate a VPN connection.
If the VPN connection comes up and the test client can successfully send
traffic across it, then you should look for problems such as the following:
The TMS zl Module and the actual remote clients cannot reach each other.